AHA urges HHS to align AI rules with existing healthcare regulations

 The American Hospital Association is calling on federal health officials to reduce regulatory barriers and ensure clinician oversight as artificial intelligence becomes more integrated into clinical care.

In a Feb. 23 letter to the Department of Health and Human Services, the AHA outlined recommendations in response to the agency’s request for information on accelerating AI adoption in healthcare.

Here are five things to know:

1. The association urged HHS to align new AI policies with existing regulatory frameworks rather than creating standalone rules, arguing duplicative or overly restrictive regulations could hamper innovation. It specifically called on the agency to withdraw the proposed 2024 HIPAA Security Rule update, saying certain provisions — including a 72-hour system restoration requirement after cyberattacks — would be infeasible and could increase risk.
   
   
2. The AHA also pressed for stronger federal HIPAA preemption to address what it described as a patchwork of state privacy laws that increase compliance costs and impede data sharing critical to AI development. The group also urged removal of remaining 42 CFR Part 2 requirements requiring separate handling of substance use disorder records.
   
   
3. A key focus of the letter was insurer use of AI in prior authorization and coverage determinations. The AHA said clinicians — not AI tools alone — should be involved in decisions resulting in partial or full denials of care and called for greater transparency around how algorithms are used.
   
   
4. On reimbursement, the association said Medicare payment structures do not fully account for the costs of developing, deploying and maintaining AI tools and warned payment updates for AI services should not come at the expense of other medical services. It cited costs including clinical validation time, maintenance, cybersecurity insurance and software and data storage.
   
   
5. The AHA also recommended third-party vendors, including AI developers handling protected health information, be held to the same privacy and security standards as HIPAA-covered entities and called for risk-based post-deployment monitoring standards for AI-enabled medical devices.

The letter emphasized that while AI shows promise in areas such as imaging, clinical documentation and scheduling, guardrails are needed to ensure patient safety and appropriate oversight as adoption expands.

https://www.beckershospitalreview.com/healthcare-information-technology/ai/aha-urges-hhs-to-align-ai-rules-with-existing-healthcare-regulations/